package com.song.config;

import com.song.handler.MyAuthenticationFailureHandler;
import com.song.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Author Klys
 * @Date 2023/5/28 18:19
 * @Description
 * @Version 1.0
 */
//@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)  //开启全局方法安全，启用预授权注解
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * @return ## 注意 : 放⾏资源必须放在所有认证请求之前! !
     * @Author Klys
     * @Description //TODO
     * @Date
     * @Param
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests()
                //permitAll代表放⾏该资源,该资源为公共资源 ⽆需认证和授权可以直接访问
                .mvcMatchers("/login.html", "/update", "/test").permitAll()
//                .mvcMatchers("/index.html").permitAll()
//                .mvcMatchers("/success.html").permitAll()
//                .mvcMatchers("/failure.html").permitAll()
//                .mvcMatchers( "/selectList").permitAll()
                .mvcMatchers("/student/**")
                .hasAnyAuthority("add")   //拥有add权限的人可以访问/student/**下的所有
                .mvcMatchers("/teacher/add")
                .hasAnyAuthority("add")
                //anyRequest.authenticated代表所有请求,必须认证之后才能访问
                .anyRequest().authenticated()
                //formLogin代表开启表单认证
                .and()
                .formLogin()
                //定义跳转登录页面的url
//                .loginPage("/login.html")
                //定义的form表单提交的url
//                .loginProcessingUrl("/test")
//                .usernameParameter("klys")
//                .passwordParameter("123456")
                //认证成功后跳转的页面
//                .successForwardUrl("/success.html")
                //自定义登录成功处理
                //认证失败后跳转的页面
//                .failureUrl("/failure.html")
                //自定义登录失败处理逻辑
//                .successHandler(new MyAuthenticationSuccessHandler())
//                .failureHandler(new MyAuthenticationFailureHandler())
                //先关闭 CSRF
                .and()
                .csrf().disable();
    }
}
